When it all comes down to it, pretty much every CyberSecurity or InfoSec [or insert your own favorite term] breach or issue has a common component ... code! And despite plenty of cautionary examples and lessons learned, we see the same or similar issues over and over. These play out to the tune of millions with credit monitoring, stolen IDs and worse (think non-update-able, vulnerable pacemaker firmware) on the horizon.
The problem is akin to a stagnant pond that needs to be drained. There is an ancient Chinese proverb which is intended to assess an individual's sanity by giving them a bucket to address the issue of a stream flowing into a stagnant pond.
In this presentation, we will discuss the importance of AppSec in the world of InfoSec/Cybersecurity. We will look at it from the perspective of a security-minded developer who has seen how the water flows and stagnates in the pond. How do we create or shift incentives? How do we find common ground for the security community and the development community to sanely drain the pond?
Jason is an experienced developer with approximately 15 years of experience building applications (mostly web) in a variety of languages & platforms and in a variety of industries. Back in the day, he slung Perl CGI. Now, he primarily works on RESTful/single page web applications with Java/Spring on the backend. In the way of security, Jason is an active contributor and co-lead on (the resurrection of) OWASP WebGoat. He always makes it a point to break stuff on his professional projects and to beat the paranoia drum.